#zero_day

Microsoft: Hackers are Using Malicious IIS Extensions to Backdoor Exchange Servers

By Deeba Ahmed According to Microsoft, hackers are exploiting the IIS web servers to install backdoors and steal credentials in their… This is a post from HackRead.com Read the original post: Microsoft: Hackers are Using Malicious IIS Extensions to Backdoor Exchange Servers

2 years ago

HackRead

Open in Source

#vulnerability #web #windows #microsoft #git #backdoor #zero_day #chrome #ssl

Microsoft Uncovers Austrian Company Exploiting Windows and Adobe Zero-Day Exploits

A cyber mercenary that "ostensibly sells general security and information analysis services to commercial customers" used several Windows and Adobe zero-day exploits in limited and highly-targeted attacks against European and Central American entities. The company, which Microsoft describes as a private-sector offensive actor (PSOA), is an Austria-based outfit called DSIRF that's linked to the

2 years ago

The Hacker News

Open in Source

#vulnerability #mac #windows #google #microsoft #git #intel #rce #asus #auth #zero_day #ssl #The Hacker News

Multiple Windows, Adobe Zero-Days Anchor Knotweed Commercial Spyware

Microsoft flagged the company's Subzero tool set as on offer to unscrupulous governments and shady business interests.

2 years ago

DARKReading

Open in Source

#windows #microsoft #pdf #asus #auth #zero_day

Cloud fax company claims healthcare pros are ditching email for ‘more secure’ fax

The fax is dead. Long live the online fax? A new study suggests many healthcare professionals believe that flaws in today’s web security landscape are prompting a return to what’s been deemed an “extr

2 years ago

PortSwigger

Open in Source

#vulnerability #web #mac #git #pdf #zero_day #ssl

Critical FileWave MDM Flaws Open Organization-Managed Devices to Remote Hackers

FileWave's mobile device management (MDM) system has been found vulnerable to two critical security flaws that could be leveraged to carry out remote attacks and seize control of a fleet of devices connected to it. "The vulnerabilities are remotely exploitable and enable an attacker to bypass authentication mechanisms and gain full control over the MDM platform and its managed devices," Claroty

2 years ago

The Hacker News

Open in Source

#vulnerability #git #auth #zero_day #The Hacker News

Hackers Exploit PrestaShop Zero-Day to Steal Payment Data from Online Stores

Malicious actors are exploiting a previously unknown security flaw in the open source PrestaShop e-commerce platform to inject malicious skimmer code designed to swipe sensitive information. "Attackers have found a way to use a security vulnerability to carry out arbitrary code execution in servers running PrestaShop websites," the company noted in an advisory published on July 22. PrestaShop is

2 years ago

The Hacker News

Open in Source

#sql #vulnerability #web #zero_day #The Hacker News

CVE-2022-34907: Filewave MDM Security Vulnerabilities Uncovered by Claroty

An authentication bypass vulnerability exists in FileWave before 14.6.3 and 14.7.x before 14.7.2. Exploitation could allow an unauthenticated actor to gain access to the system with the highest authority possible and gain full control over the FileWave platform.

2 years ago

CVE

Open in Source

#vulnerability #web #ios #android #mac #windows #git #auth #zero_day

Aqua Launches Out-of-the-Box Runtime Security with Advanced Protection against the Most Sophisticated Threats

Security professionals can now achieve real-time protection for their workloads in minutes.

2 years ago

DARKReading

Open in Source

#vulnerability #mac #intel #aws #zero_day

The January 6 Secret Service Text Scandal Turns Criminal

Plus: The FCC cracks down on car warranty robocalls, Thai activists get targeted by NSO's Pegasus, and the Russia-Ukraine cyberwar continues.